Aadhaar data of all 23 crore beneficiaries of Direct Benefit Transfer schemes could be publicly available, says a report by Centre for Internet and Society.

In the past three months, there have been several reports about caches of Aadhaar data being publicly displayed on government websites across the country.

Personal information associated with the biometric-based 12-digit unique identification number, which the government wants every Indian resident to have, is mandated to be confidential under the Aadhaar Act, 2016.

But exactly how much Aadhaar data has been compromised by negligent government departments?

On May 2, researchers at the non-profit Centre for Internet and Society released a comprehensive report on the extent of the data breaches. They documented four government portals using Aadhaar for making payments and found that sensitive personal and financial information of nearly 13 crore people was being displayed on them, including details of about 10 crore bank accounts.

Two of the portals, for the Mahatma Gandhi National Rural Employment Guarantee Act and the National Social Assistance Programme, belong to the Union rural development ministry. The others are run by the Andhra Pradesh government for the workers’ insurance scheme Chandranna Bima and for filing Daily Online Payment Reports of MNREGA.

The researchers estimated that Aadhaar data of all 23 crore beneficiaries of the central government’s various Direct Benefit Transfer schemes could be publicly available. This means nearly a fifth of India’s population is potentially exposed to irreversible privacy harm, and financial and identity fraud.

The Unique Identification Authority of India, the agency which manages the Aadhaar database, had denied any breach of confidential data on May 3. But two weeks later, on May 17, the UIDAI wrote to the Centre for Internet and Society, asking it to provide more details. In the report, the researchers had demonstrated that Aadhaar numbers could be easily accessed on the National Social Assistance Program, a pensions scheme administered by the Ministry of Rural Development, even behind a login, and that this pointed to poor security standards. The UIDAI has now termed this as an instance of illegal access by the researchers.

CIS has clarified that it did not violate the Information Technology Act 2000 by adopting this research method, and that the organisation had notified concerned government departments, including the UIDAI, prior to publishing its report so that the sensitive data could be removed.

The rural development ministry, on its part, has changed how its MNREGA database is accessed, redacting Aadhaar numbers and bank account details of the beneficiaries. Senior officials of the ministry, however, denied making systemic changes in the wake of the Centre for Internet and Society report.

“The researchers claimed that financial information of over 10 crore individuals was available publicly, on pension and MNREGA portals,” said Nagesh Singh, additional secretary in the ministry, “but bank account details were displayed only on two state department websites of Andhra Pradesh and Telangana as these states are far advanced in transparency practices.”

“For all other states,” Singh added, “financial information and Aadhaar numbers were removed or masked last year. For pension schemes we masked the data in June 2016, and for MNREGA this data was removed in December. Even if any data was showing, it would only be for the particular block the resident is in, not for any other state workers.”

All this was done, he said, “because the UIDAI communicated to us that this information is sensitive and should not be displayed and the Aadhaar regulations prohibit display of Aadhaar numbers”. The Aadhaar (Sharing of Information) Regulations were introduced last September.

The chief executive officer of UIDAI, Ajay Bhushan Pandey, did not respond to Scroll.in’s questions emailed on May 19.

Contrary to Singh’s claims, social activists outside Andhra Pradesh and Telangana confirmed they could access bank account details of MNREGA workers until May 3. Only on May 4, two days after the Centre for Internet and Society report was released, did the details stop showing on the Management Information System.

“We could no longer access the electronic muster roll, and it started returning error messages,” said Ashish Ranjan of Jan Jagran Shakti Sangathan, a registered union of unorganised workers in Araria, Bihar. But until early May, he added, the Management Information System allowed anyone in any state to access the personal information of workers, even from other states.

Activists and beneficiaries relied on this system for two things. “Several of the new bank accounts have errors, and accessing this information directly helped get the discrepancies corrected without going to block level officials,” Ranjan explained. “It also helped track where the wages of workers were stuck.”

When activists asked why the data was no longer accessible, Ranjan said, rural development department officials said the Management Information System was changed “on the directions of the Supreme Court and the Union cabinet secretary.”

“This has been the pattern with the MNREGA MIS for long,” Ranjan said, referring to the information system. “Senior officials change access to a feature as they wish without clear processes or explanations.”

James Herenj, an activist with NREGA Watch, a non-profit which monitors the implementation of MNREGA in Jharkhand, had the same experience. “Bank account details were removed from the website last week,” he said, “this is a problem as we can no longer help MNREGA workers get data entry errors corrected.”

The Centre for Internet and Society researchers too contested the rural development ministry’s claim that Aadhaar numbers and bank account details were displayed only on Andhra Pradesh and Telangana government websites. They released a video clip showing them accessing bank account details and Aadhaar numbers of 801 MNREGA workers of Agara panchayat in Bengaluru through an internet search on March 25.

Consent, please?

The Aadhaar Act, 2016 requires both government and private agencies to take informed consent before using a person’s Aadhaar for authentication, but there is little evidence that consent is sought before Aadhaar is seeded with personal and financial information.

Indeed, when the Supreme Court first permitted the voluntary use of Aadhaar for MNREGA in October 2015, Aadhaar numbers of 2.36 crore workers had already been seeded to their bank accounts, without the consent of over 99% of them.

The rural development ministry’s data shows that until June 2016, only about 4,10,000, or less than 1% of the 10.7 crore MNREGA workers, had agreed to Aadhaar-based payments. The ministry worked around this by organising “consent camps” to retrospectively collect proof of consent.

Poor standards

Writing in The Economic Times, Ram Sewak Sharma, chairperson of the Telecom Regulatory Authority of India and former director general of the Unique Identification Authority of India, argued that the reports about “Aadhaar leaks” on government websites failed to account for provisions of the Right to Information Act, 2005. Section 4 of this law provides for proactive disclosure of government decisions while Section 8 mandates public authorities to publish all information on welfare schemes, including details of beneficiaries.

This has created a situation, Sharma pointed out, where the transparency law may require even Aadhaar numbers of beneficiaries to be made public even though the Aadhaar Act mandates them to be confidential.

Right to Information activists, however, said the authorities were anything but devoted to the transparency law. Crucial information they seek on the efficacy of Aadhaar in welfare schemes is routinely denied under Right to Information requests.

“The government is willfully manipulating information systems to subvert details of biometric failures,” said Amrita Johri, a member of the National Campaign for People’s Right to Information and an activist with the Right to Food campaign, which has petitioned the Delhi High Court against Aadhaar being mandatory for food rations. “We have come across instances of ration cardholders being turned back because of fingerprints being falsely rejected, or network failure, but on the Delhi government’s website, this is shown as the beneficiaries not having come to the ration shop at all.”

“Similarly, the government claims it has removed bogus ration cards through Aadhaar,” Johri added, “but they do not show any administrative action if such bogus cards were really found through Aadhaar even though Section 4 of the RTI Act requires disclosure of such decisions.”

Johri is concerned that the “Aadhaar leaks” could become an excuse to deny people “other useful information”. “When we requested officials to display how many biometric transaction were not successful, they told us that in a few days, they will remove the entire MIS as there had received orders from the food ministry to not display demographic data associated with Aadhaar,” she said. “But we pointed out that it was the creation of a single identification number that is the problem. Why should information on all other government schemes be removed?”

The Centre for Internet and Society report points out that while the law now makes Aadhaar numbers confidential, the government has failed to specify data masking standards. Section 6 of the Aadhaar Regulations lays down that no government or private agency should publish Aadhaar numbers unless they are redacted or blacked out “through appropriate means”.

But this is too vague, the report points out. “In some instances, the first four digits are masked while in others the middle digits are masked,” Srinivas Kodali, one of the authors of the report, explained, “which means someone with access to different databases can use tools for aggregation to reconstruct information hidden or masked in a particular database.”

Kodali said that for information other than Aadhaar numbers, each ministry and department is required to classify the data that is sensitive, restricted or open, which they have failed to do. “The National Data Sharing and Accessibility Policy, 2012 requires securing information of sensitive and restricted data but it does not recommend the ways to do it,” he said. “The standards around information disclosure and control do not exist, and the Ministry of Statistics expert committee on this was unable to suggest one last month.”

“Even for MNREGA data,” Kodali continued, “the Ministry of Rural Development’s chief data officer should have classified the financial information as restricted or open when the database was first created. But did they do this.”

Nagesh Singh, the additional secretary, however said his ministry “does not have a chief data officer to do this”. “The ministry’s economic advisor is the official responsible for categorising data and advises us on this,” he added.

Ten awesome TV shows to get over your post-GoT blues

With those withdrawal symptoms kicking in, all you need is a good rebound show.

Hangovers tend to have a debilitating effect on various human faculties, but a timely cure can ease that hollow feeling generally felt in the pit of the stomach. The Game of Thrones Season 7 finale has left us with that similar empty feeling, worsened by an official statement on the 16-month-long wait to witness The Great War. That indeed is a long time away from our friends Dany, Jon, Queen C and even sweet, sweet Podrick. While nothing can quite replace the frosty thrill of Game of Thrones, here’s a list of awesome shows, several having won multiple Emmy awards, that are sure to vanquish those nasty withdrawal symptoms:

1. Billions

There is no better setting for high stakes white collar crime than the Big Apple. And featuring a suited-up Paul Giamatti going head-to-head with the rich and ruthless Damien Lewis in New York, what’s not to like? Only two seasons young, this ShowTime original series promises a wolf-of-wall-street style showcase of power, corruption and untold riches. Billions is a great high-octane drama option if you want to keep the momentum going post GoT.

2. Westworld

What do you get when the makers of the Dark Knight Trilogy and the studio behind Game of Thrones collaborate to remake a Michael Crichton classic? Westworld brings together two worlds: an imagined future and the old American West, with cowboys, gun slingers - the works. This sci-fi series manages to hold on to a dark secret by wrapping it with the excitement and adventure of the wild west. Once the plot is unwrapped, the secret reveals itself as a genius interpretation of human nature and what it means to be human. Regardless of what headspace you’re in, this Emmy-nominated series will absorb you in its expansive and futuristic world. If you don’t find all of the above compelling enough, you may want to watch Westworld simply because George RR Martin himself recommends it! Westworld will return for season 2 in the spring of 2018.

3. Big Little Lies

It’s a distinct possibility that your first impressions of this show, whether you form those from the trailer or opening sequence, will make you think this is just another sun-kissed and glossy Californian drama. Until, the dark theme of BLL descends like an eerie mist, that is. With the serious acting chops of Reese Witherspoon and Nicole Kidman as leads, this murder mystery is one of a kind. Adapted from author Liane Moriarty’s book, this female-led show has received accolades for shattering the one-dimensional portrayal of women on TV. Despite the stellar star cast, this Emmy-nominated show wasn’t easy to make. You should watch Big Little Lies if only for Reese Witherspoon’s long struggle to get it off the ground.

4. The Night of

The Night Of is one of the few crime dramas featuring South Asians without resorting to tired stereotypes. It’s the kind of show that will keep you in its grip with its mysterious plotline, have you rooting for its characters and leave you devastated and furious. While the narrative revolves around a murder and the mystery that surrounds it, its undertones raises questions on racial, class and courtroom politics. If you’re a fan of True Detective or Law & Order and are looking for something serious and thoughtful, look no further than this series of critical acclaim.

5. American Horror Story

As the name suggests, AHS is a horror anthology for those who can stomach some gore and more. In its 6 seasons, the show has covered a wide range of horror settings like a murder house, freak shows, asylums etc. and the latest season is set to explore cults. Fans of Sarah Paulson and Jessica Lange are in for a treat, as are Lady Gaga’s fans. If you pride yourself on not being weak of the heart, give American Horror Story a try.

6. Empire

At its heart, Empire is a simple show about a family business. It just so happens that this family business is a bit different from the sort you are probably accustomed to, because this business entails running a record label, managing artistes and when push comes to shove, dealing with rivals in a permanent sort of manner. Empire treads some unique ground as a fairly violent show that also happens to be a musical. Lead actors Taraji P Henson and Terrence Howard certainly make it worth your while to visit this universe, but it’s the constantly evolving interpersonal relations and bevy of cameo appearances that’ll make you stay. If you’re a fan of hip hop, you’ll enjoy a peek into the world that makes it happen. Hey, even if you aren’t one, you might just grow fond of rap and hip hop.

7. Modern Family

When everything else fails, it’s comforting to know that the family will always be there to lift your spirits and keep you chuckling. And by the family we mean the Dunphys, Pritchetts and Tuckers, obviously. Modern Family portrays the hues of familial bonds with an honesty that most family shows would gloss over. Eight seasons in, the show’s characters like Gloria and Phil Dunphy have taken on legendary proportions in their fans’ minds as they navigate their relationships with relentless bumbling humour. If you’re tired of irritating one-liners or shows that try too hard, a Modern Family marathon is in order. This multiple-Emmy-winning sitcom is worth revisiting, especially since the brand new season 9 premiers on 28th September 2017.

8. The Deuce

Headlined by James Franco and Maggi Gyllenhaal, The Deuce is not just about the dazzle of the 1970s, with the hippest New York crowd dancing to disco in gloriously flamboyant outfits. What it IS about is the city’s nooks and crannies that contain its underbelly thriving on a drug epidemic. The series portrays the harsh reality of New York city in the 70s following the legalisation of the porn industry intertwined with the turbulence caused by mob violence. You’ll be hooked if you are a fan of The Wire and American Hustle, but keep in mind it’s grimmer and grittier. The Deuce offers a turbulent ride which will leave you wanting more.

9. Dexter

In case you’re feeling vengeful, you can always get the spite out of your system vicariously by watching Dexter, our favourite serial killer. This vigilante killer doesn’t hide behind a mask or a costume, but sneaks around like a criminal, targeting the bad guys that have slipped through the justice system. From its premier in 2006 to its series finale in 2013, the Emmy-nominated Michael C Hall, as Dexter, has kept fans in awe of the scientific precision in which he conducts his kills. For those who haven’t seen the show, the opening credits give an accurate glimpse of how captivating the next 45 minutes will be. If it’s been a while since you watched in awe as the opening credits rolled, maybe you should revisit the world’s most loved psychopath for nostalgia’s sake.

Available starting October

10. Rome

If you’re still craving an epic drama with extensive settings and a grandiose plot and sub-plots, Rome, co-produced by HBO and BBC, is where your search stops. Rome is a historical drama that takes you through an overwhelming journey of Ancient Rome’s transition from a republic to an empire. And when it comes to tastes, this series provides the similar full-bodied flavour that you’ve grown to love about Game of Thrones. There’s a lot to take away for those who grew up quoting Julius Caesar, and for those looking for a realistic depiction of the legendary gladiators. If you’re a history buff, give this Emmy-winning show a try.

For your next obsession, Hotstar Premium has you covered with its wide collection of the most watched shows in the world. Apart from the ones we’ve recommended, Indian viewers can now easily watch other universally loved shows such as Silicon Valley and Prison Break, and movies including all titles from the Marvel and Disney universe. So take control of your life again post the Game of Thrones gloom and sign up for the Hotstar Premium membership here.

This article was produced by the Scroll marketing team on behalf of Hotstar and not by the Scroll editorial team.